AI Code Reviewer
by @tktk-ai
Automated code review — security vulnerabilities, performance issues, best practices, refactoring suggestions, and documentation gaps. Supports Python, JavaS...
clawhub install tk-code-reviewer📖 About This Skill
name: ai-code-reviewer description: Automated code review — security vulnerabilities, performance issues, best practices, refactoring suggestions, and documentation gaps. Supports Python, JavaScript/TypeScript, Go, Rust, and more. PR-ready review comments. metadata: version: 1.0.0 author: TKDigital category: Developer Tools tags: [code review, security, performance, refactoring, best practices, pull request, developer tools]
AI Code Reviewer
Comprehensive automated code reviews — security, performance, best practices, and refactoring suggestions.
What It Does
1. Security Scan — SQL injection, XSS, SSRF, secrets in code, insecure dependencies 2. Performance Analysis — N+1 queries, memory leaks, inefficient loops, caching opportunities 3. Best Practices — Code style, naming conventions, SOLID principles, DRY violations 4. Refactoring Suggestions — Concrete before/after code improvements 5. Documentation Gaps — Missing docstrings, unclear function names, no type hints 6. Complexity Analysis — Cyclomatic complexity, function length, nesting depth 7. PR-Ready Comments — Output formatted as pull request review comments
Usage
Full Code Review
Review this code for security, performance, and best practices:Language: [Python/JavaScript/TypeScript/Go/Rust]
Context: [What does this code do?]
Priority: [Security first / Performance first / General review]
[Paste code or file path]
For each issue found:
1. Severity (critical/high/medium/low)
2. Category (security/performance/style/bug)
3. Line reference
4. What's wrong
5. How to fix (with corrected code)
Security-Focused Review
Security audit this code. I'm looking for:
SQL injection vulnerabilities
XSS attack vectors
Authentication/authorization bypasses
Secrets or credentials in code
Insecure dependencies
SSRF/CSRF vulnerabilities
Input validation gaps Language: [Language]
[Paste code]
Performance Review
Analyze this code for performance issues:
Database query efficiency (N+1, missing indexes)
Memory usage and potential leaks
Algorithm complexity (can it be optimized?)
Caching opportunities
Async/concurrency improvements Context: This handles [X requests/second] and processes [Y data]
[Paste code]
Refactoring Guide
Suggest refactoring improvements for this code:
Reduce complexity
Improve readability
Apply design patterns where beneficial
Remove duplication
Improve testability Show before/after for each suggestion.
[Paste code]
PR Review Format
Review this pull request diff:[Paste diff or describe changes]
Output as PR comments:
File: [filename]
Line: [number]
Comment: [review comment]
Suggestion: [code suggestion if applicable]
Output Format
# Code Review ReportFiles Reviewed: [count]
Language: [language]
Overall Score: [X/100]
🔴 Critical Issues ([count])
Issue 1: [Title]
Severity: Critical
Category: Security
Location: [file:line]
Problem: [Description]
Impact: [What could happen]
Fix:
[language]
// Before (vulnerable)
[old code]
// After (fixed)
[new code]
🟡 Warnings ([count])
[Medium-severity issues]🔵 Suggestions ([count])
[Low-severity improvements]🟢 Positive Observations
[What's already good about the code]Summary
Critical: [X] (must fix before merge)
Warnings: [X] (should fix soon)
Suggestions: [X] (nice to have)
Score: [X/100]
Supported Languages
Best Practices
security-auditor for infrastructure-level security checksReferences
references/security-patterns.md — Common vulnerability patterns by languagereferences/performance-patterns.md — Common performance anti-patterns💡 Examples
Full Code Review
Review this code for security, performance, and best practices:Language: [Python/JavaScript/TypeScript/Go/Rust]
Context: [What does this code do?]
Priority: [Security first / Performance first / General review]
[Paste code or file path]
For each issue found:
1. Severity (critical/high/medium/low)
2. Category (security/performance/style/bug)
3. Line reference
4. What's wrong
5. How to fix (with corrected code)
Security-Focused Review
Security audit this code. I'm looking for:
SQL injection vulnerabilities
XSS attack vectors
Authentication/authorization bypasses
Secrets or credentials in code
Insecure dependencies
SSRF/CSRF vulnerabilities
Input validation gaps Language: [Language]
[Paste code]
Performance Review
Analyze this code for performance issues:
Database query efficiency (N+1, missing indexes)
Memory usage and potential leaks
Algorithm complexity (can it be optimized?)
Caching opportunities
Async/concurrency improvements Context: This handles [X requests/second] and processes [Y data]
[Paste code]
Refactoring Guide
Suggest refactoring improvements for this code:
Reduce complexity
Improve readability
Apply design patterns where beneficial
Remove duplication
Improve testability Show before/after for each suggestion.
[Paste code]
PR Review Format
Review this pull request diff:[Paste diff or describe changes]
Output as PR comments:
File: [filename]
Line: [number]
Comment: [review comment]
Suggestion: [code suggestion if applicable]
📋 Tips & Best Practices
security-auditor for infrastructure-level security checks